Anonabox – a tiny and low cost open source Tor router (updated)

The idea of a ‘secure’ router that ensures all communications from a connected device are encrypted as they pass between it and the internet is not new.

This is effectively what any router that is configured to run VPN does (we have instructions for doing this yourself in DD-WRT, or you can buy pre-flashed and configured routers from many VPN providers).

We have also seen products before that route all connections through Tor, such as the Onion Pi (a Raspberry Pi pre-configured to use Tor), the PogoPlug SafePlug (similar to the Anonabox, but twice the size and not open source), as well as DIY flash your own router with Tor projects, such as the TorRouter and PORTAL (both of which ultimately aim to offer unified software/hardware solutions).

There is however a new kid on the block, the Anonabox, which is garnering interest thanks to the fact that it is 100 percent open source (so it can be independently audited to ensure no backdoors etc.), is tiny (it should be small enough that two can hide in a pack of cigarettes), and is just $51.

It should be stressed that the Anonabox does not yet exist as an actual product, and is currently being funding through a Kickstarter campaign. However, the product has been in development for four years, and at the time of writing it has raised over $240,000 of the original $7,500 goal, so completion looks very likely.

The Anonabox sits between a router and any devices attached to it. An Ethernet cable connects the Anonabox to the router, and computers or mobile devices can connect to the Anonabox using WiFi or an Ethernet cable.

Looking at the Anonabox spec sheet, we note that the processor seems powerful enough (on a par with the top-of-the line Asus RT-AC66U router), and the 64mb of RAM is plenty to run Tor on.

It is something of shame, however (particularly given how successful the funding has been), that the Kickstarter did not add stretch goals to improve connectivity to the faster 802.11ac WiFi standard, and 10/100/1000M Gigabit Ethernet. It nevertheless still represents great value for money.

Lead technologist for Glenn Greenwald’s The Intercept website and keen developer for the Tor community, Micah Lee, told Wired that he was ‘encouraged’ by the idea of Anonabox,

‘If you’re using something like this, everything goes over Tor, so [a software exploit] can’t happen. A Tor router can definitely have a big benefit in that there’s physical isolation.’

He was however keen to point out that such hardware would not provide complete protection against things such as browser fingerprinting and cookies, and recommended using the hardened Tor browser even when connected through the Anonabox (a setting in the Tor Browser called ‘transparent torification’ can be turned off to prevent the internet running through Tor Twice).

Other interesting features of the Anonbox include that it can use ‘pluggable transports’ such as obfsproxy, which are designed to get around blocks on Tor (potentially making it useful in places such as China), that its rounded corners allow storage inside a body cavity, and that as developer August Germar explains, it can be easily destroyed,

‘Maybe it’s too late and the police are already downstairs, so you smash the box with a brick and throw the pieces out the window. Or maybe you just crush it by stepping on it with your shoe and flush the pieces down the toilet.’

Germar concludes that,

‘This isn’t just about making things easier for people who use Tor now, but also those who would like to use Tor but can’t for whatever reason. Those are the people we want to help.’

Update 15 October 2014: Just after publishing this article we came across this reddit thread, the main thrust of which accuses the Aonabox devs of misrepresenting their development process and using cheap third party Chinese hardware, which they did develop themselves (apparently the ‘prototypes’ shown on the Kickstarter page are not theirs). We strongly recommend that anyone interested in contributing to this Kickstarter read through the heated debate on reddit before investing.

Update 17 October 2014: The backlash against Anonabox continues as more criticisms emerge (for example about how connection to the router is not password protected by default). Look out for our follow-up article, in which we will report on the unfolding story in more depth.

Update 20 October 2014: KickStarter has suspended the Anonabox campaign, and se t backers the following email:

‘Hello,

This is a message from Kickstarter’s Trust & Safety team. We’re writing to notify you that the anonabox : a Tor hardware router (Suspended) project has been suspended, and your $51.00 USD pledge has been canceled. A review of the project uncovered evidence that it broke Kickstarter’s rules. We may suspend projects when they demonstrate one or more of the following:

Offering purchased items and claiming to have made them yourself Presenting someone else’s work as your own Misrepresenting or failing to disclose relevant facts about the project or its creator Accordingly, all funding has been stopped and backers will not be charged for their pledges. No further action is required on your part.

We take the integrity of the Kickstarter system very seriously. We only suspend projects when we find strong evidence that they are misrepresenting themselves or otherwise violating the letter or spirit of Kickstarter’s rules. As a policy, we do not offer comment on project suspensions beyond what is stated in this message.

Regards, Kickstarter Trust & Safety.’

Further information is available is available in this Ars Technica article, and an interesting reddit debate can be found here.

This is a message from Kickstarter’s Trust & Safety team. We’re writing to notify you that the anonabox : a Tor hardware router (Suspended) project has been suspended, and your $66.00 USD pledge has been canceled. A review of the project uncovered evidence that it broke Kickstarter’s rules. We may suspend projects when they demonstrate one or more of the following:

Offering purchased items and claiming to have made them yourself
Presenting someone else’s work as your own
Misrepresenting or failing to disclose relevant facts about the project or its creator

Accordingly, all funding has been stopped and backers will not be charged for their pledges. No further action is required on your part.

We take the integrity of the Kickstarter system very seriously. We only suspend projects when we find strong evidence that they are misrepresenting themselves or otherwise violating the letter or spirit of Kickstarter’s rules. As a policy, we do not offer comment on project suspensions beyond what is stated in this message.

We were aware of this, but thanks for the heads-up. We have updated the article, and will add additional information as it becomes available. Backers have not yet handed over any money, so at least that is not a problem. Thanks again.